ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It is employed to stop attacks against script-driven websites through the use of security rules that contain particular expressions. This way, the firewall can stop hacking and spamming attempts and shield even sites which are not updated often. For example, a number of unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script shall trigger certain rules, so ModSecurity will block these activities the moment it discovers them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a site in real time without slowing it down, so it can easily prevent an attack before any harm is done. It additionally keeps an incredibly comprehensive log of all attack attempts which includes more info than standard Apache logs, so you could later examine the data and take extra measures to increase the security of your websites if needed.
ModSecurity in Shared Hosting
ModSecurity is offered with every shared hosting package which we provide and it is turned on by default for every domain or subdomain that you add via your Hepsia CP. In the event that it disrupts any of your apps or you'd like to disable it for whatever reason, you will be able to accomplish that through the ModSecurity area of Hepsia with merely a click. You could also enable a passive mode, so the firewall will discover potential attacks and maintain a log, but shall not take any action. You could see comprehensive logs in the same section, including the IP address where the attack came from, what precisely the attacker tried to do and at what time, what ModSecurity did, and so forth. For max security of our customers we use a group of commercial firewall rules mixed with custom ones which are provided by our system administrators.
ModSecurity in Semi-dedicated Servers
We have included ModSecurity by default within all semi-dedicated server products, so your web apps will be protected the instant you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any site with a click. You will also have the ability to switch on a passive detection mode with which ModSecurity will maintain a log of possible attacks without really preventing them. The thorough logs include the nature of the attack and what ModSecurity response that attack initiated, where it originated from, etc. The list of rules we use is frequently updated in order to match any new threats that may appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our administrators include in the event that they find a threat that is not present within the commercial list yet.
ModSecurity in VPS Servers
Security is very important to us, so we set up ModSecurity on all VPS servers that are made available with the Hepsia CP as a standard. The firewall could be managed via a dedicated section in Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you'll not need to do anything manually. You shall also be able to disable it or activate the so-called detection mode, so it shall keep a log of potential attacks that you can later analyze, but shall not stop them. The logs in both passive and active modes contain info regarding the form of the attack and how it was prevented, what IP address it originated from and other useful info which may help you to tighten the security of your sites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also implement our own rules because once in a while we identify specific attacks that are not yet present inside the commercial group. This way, we can boost the security of your VPS immediately rather than waiting for an official update.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers that are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it because it is switched on by default every time you add a new domain or subdomain on your hosting server. If it disrupts any of your programs, you'll be able to stop it through the respective part of Hepsia, or you may leave it operating in passive mode, so it will identify attacks and shall still maintain a log for them, but shall not block them. You could examine the logs later to learn what you can do to boost the safety of your websites since you will find details such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity responded, and so forth. The rules which we employ are commercial, hence they're constantly updated by a security company, but to be on the safe side, our staff also include custom rules from time to time in order to deal with any new threats they have identified.